1 /*
2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/quic_demux.h"
11 #include "internal/quic_wire_pkt.h"
12 #include "internal/common.h"
13 #include <openssl/lhash.h>
14 #include <openssl/err.h>
15
16 #define URXE_DEMUX_STATE_FREE 0 /* on urx_free list */
17 #define URXE_DEMUX_STATE_PENDING 1 /* on urx_pending list */
18 #define URXE_DEMUX_STATE_ISSUED 2 /* on neither list */
19
20 #define DEMUX_MAX_MSGS_PER_CALL 32
21
22 #define DEMUX_DEFAULT_MTU 1500
23
24 struct quic_demux_st {
25 /* The underlying transport BIO with datagram semantics. */
26 BIO *net_bio;
27
28 /*
29 * QUIC short packets do not contain the length of the connection ID field,
30 * therefore it must be known contextually. The demuxer requires connection
31 * IDs of the same length to be used for all incoming packets.
32 */
33 size_t short_conn_id_len;
34
35 /*
36 * Our current understanding of the upper bound on an incoming datagram size
37 * in bytes.
38 */
39 size_t mtu;
40
41 /* The datagram_id to use for the next datagram we receive. */
42 uint64_t next_datagram_id;
43
44 /* Time retrieval callback. */
45 OSSL_TIME (*now)(void *arg);
46 void *now_arg;
47
48 /* The default packet handler, if any. */
49 ossl_quic_demux_cb_fn *default_cb;
50 void *default_cb_arg;
51
52 /*
53 * List of URXEs which are not currently in use (i.e., not filled with
54 * unconsumed data). These are moved to the pending list as they are filled.
55 */
56 QUIC_URXE_LIST urx_free;
57
58 /*
59 * List of URXEs which are filled with received encrypted data. These are
60 * removed from this list as we invoke the callbacks for each of them. They
61 * are then not on any list managed by us; we forget about them until our
62 * user calls ossl_quic_demux_release_urxe to return the URXE to us, at
63 * which point we add it to the free list.
64 */
65 QUIC_URXE_LIST urx_pending;
66
67 /* Whether to use local address support. */
68 char use_local_addr;
69 };
70
ossl_quic_demux_new(BIO * net_bio,size_t short_conn_id_len,OSSL_TIME (* now)(void * arg),void * now_arg)71 QUIC_DEMUX *ossl_quic_demux_new(BIO *net_bio,
72 size_t short_conn_id_len,
73 OSSL_TIME (*now)(void *arg),
74 void *now_arg)
75 {
76 QUIC_DEMUX *demux;
77
78 demux = OPENSSL_zalloc(sizeof(QUIC_DEMUX));
79 if (demux == NULL)
80 return NULL;
81
82 demux->net_bio = net_bio;
83 demux->short_conn_id_len = short_conn_id_len;
84 /* We update this if possible when we get a BIO. */
85 demux->mtu = DEMUX_DEFAULT_MTU;
86 demux->now = now;
87 demux->now_arg = now_arg;
88
89 if (net_bio != NULL
90 && BIO_dgram_get_local_addr_cap(net_bio)
91 && BIO_dgram_set_local_addr_enable(net_bio, 1))
92 demux->use_local_addr = 1;
93
94 return demux;
95 }
96
demux_free_urxl(QUIC_URXE_LIST * l)97 static void demux_free_urxl(QUIC_URXE_LIST *l)
98 {
99 QUIC_URXE *e, *enext;
100
101 for (e = ossl_list_urxe_head(l); e != NULL; e = enext) {
102 enext = ossl_list_urxe_next(e);
103 ossl_list_urxe_remove(l, e);
104 OPENSSL_free(e);
105 }
106 }
107
ossl_quic_demux_free(QUIC_DEMUX * demux)108 void ossl_quic_demux_free(QUIC_DEMUX *demux)
109 {
110 if (demux == NULL)
111 return;
112
113 /* Free all URXEs we are holding. */
114 demux_free_urxl(&demux->urx_free);
115 demux_free_urxl(&demux->urx_pending);
116
117 OPENSSL_free(demux);
118 }
119
ossl_quic_demux_set_bio(QUIC_DEMUX * demux,BIO * net_bio)120 void ossl_quic_demux_set_bio(QUIC_DEMUX *demux, BIO *net_bio)
121 {
122 unsigned int mtu;
123
124 demux->net_bio = net_bio;
125
126 if (net_bio != NULL) {
127 /*
128 * Try to determine our MTU if possible. The BIO is not required to
129 * support this, in which case we remain at the last known MTU, or our
130 * initial default.
131 */
132 mtu = BIO_dgram_get_mtu(net_bio);
133 if (mtu >= QUIC_MIN_INITIAL_DGRAM_LEN)
134 ossl_quic_demux_set_mtu(demux, mtu); /* best effort */
135 }
136 }
137
ossl_quic_demux_set_mtu(QUIC_DEMUX * demux,unsigned int mtu)138 int ossl_quic_demux_set_mtu(QUIC_DEMUX *demux, unsigned int mtu)
139 {
140 if (mtu < QUIC_MIN_INITIAL_DGRAM_LEN)
141 return 0;
142
143 demux->mtu = mtu;
144 return 1;
145 }
146
ossl_quic_demux_set_default_handler(QUIC_DEMUX * demux,ossl_quic_demux_cb_fn * cb,void * cb_arg)147 void ossl_quic_demux_set_default_handler(QUIC_DEMUX *demux,
148 ossl_quic_demux_cb_fn *cb,
149 void *cb_arg)
150 {
151 demux->default_cb = cb;
152 demux->default_cb_arg = cb_arg;
153 }
154
demux_alloc_urxe(size_t alloc_len)155 static QUIC_URXE *demux_alloc_urxe(size_t alloc_len)
156 {
157 QUIC_URXE *e;
158
159 if (alloc_len >= SIZE_MAX - sizeof(QUIC_URXE))
160 return NULL;
161
162 e = OPENSSL_malloc(sizeof(QUIC_URXE) + alloc_len);
163 if (e == NULL)
164 return NULL;
165
166 ossl_list_urxe_init_elem(e);
167 e->alloc_len = alloc_len;
168 e->data_len = 0;
169 return e;
170 }
171
demux_resize_urxe(QUIC_DEMUX * demux,QUIC_URXE * e,size_t new_alloc_len)172 static QUIC_URXE *demux_resize_urxe(QUIC_DEMUX *demux, QUIC_URXE *e,
173 size_t new_alloc_len)
174 {
175 QUIC_URXE *e2, *prev;
176
177 if (!ossl_assert(e->demux_state == URXE_DEMUX_STATE_FREE))
178 /* Never attempt to resize a URXE which is not on the free list. */
179 return NULL;
180
181 prev = ossl_list_urxe_prev(e);
182 ossl_list_urxe_remove(&demux->urx_free, e);
183
184 if (new_alloc_len >= SIZE_MAX - sizeof(QUIC_URXE))
185 return NULL;
186
187 e2 = OPENSSL_realloc(e, sizeof(QUIC_URXE) + new_alloc_len);
188 if (e2 == NULL) {
189 /* Failed to resize, abort. */
190 if (prev == NULL)
191 ossl_list_urxe_insert_head(&demux->urx_free, e);
192 else
193 ossl_list_urxe_insert_after(&demux->urx_free, prev, e);
194
195 return NULL;
196 }
197
198 if (prev == NULL)
199 ossl_list_urxe_insert_head(&demux->urx_free, e2);
200 else
201 ossl_list_urxe_insert_after(&demux->urx_free, prev, e2);
202
203 e2->alloc_len = new_alloc_len;
204 return e2;
205 }
206
demux_reserve_urxe(QUIC_DEMUX * demux,QUIC_URXE * e,size_t alloc_len)207 static QUIC_URXE *demux_reserve_urxe(QUIC_DEMUX *demux, QUIC_URXE *e,
208 size_t alloc_len)
209 {
210 return e->alloc_len < alloc_len ? demux_resize_urxe(demux, e, alloc_len) : e;
211 }
212
demux_ensure_free_urxe(QUIC_DEMUX * demux,size_t min_num_free)213 static int demux_ensure_free_urxe(QUIC_DEMUX *demux, size_t min_num_free)
214 {
215 QUIC_URXE *e;
216
217 while (ossl_list_urxe_num(&demux->urx_free) < min_num_free) {
218 e = demux_alloc_urxe(demux->mtu);
219 if (e == NULL)
220 return 0;
221
222 ossl_list_urxe_insert_tail(&demux->urx_free, e);
223 e->demux_state = URXE_DEMUX_STATE_FREE;
224 }
225
226 return 1;
227 }
228
229 /*
230 * Receive datagrams from network, placing them into URXEs.
231 *
232 * Returns 1 on success or 0 on failure.
233 *
234 * Precondition: at least one URXE is free
235 * Precondition: there are no pending URXEs
236 */
demux_recv(QUIC_DEMUX * demux)237 static int demux_recv(QUIC_DEMUX *demux)
238 {
239 BIO_MSG msg[DEMUX_MAX_MSGS_PER_CALL];
240 size_t rd, i;
241 QUIC_URXE *urxe = ossl_list_urxe_head(&demux->urx_free), *unext;
242 OSSL_TIME now;
243
244 /* This should never be called when we have any pending URXE. */
245 assert(ossl_list_urxe_head(&demux->urx_pending) == NULL);
246 assert(urxe->demux_state == URXE_DEMUX_STATE_FREE);
247
248 if (demux->net_bio == NULL)
249 /*
250 * If no BIO is plugged in, treat this as no datagram being available.
251 */
252 return QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL;
253
254 /*
255 * Opportunistically receive as many messages as possible in a single
256 * syscall, determined by how many free URXEs are available.
257 */
258 for (i = 0; i < (ossl_ssize_t)OSSL_NELEM(msg);
259 ++i, urxe = ossl_list_urxe_next(urxe)) {
260 if (urxe == NULL) {
261 /* We need at least one URXE to receive into. */
262 if (!ossl_assert(i > 0))
263 return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
264
265 break;
266 }
267
268 /* Ensure the URXE is big enough. */
269 urxe = demux_reserve_urxe(demux, urxe, demux->mtu);
270 if (urxe == NULL)
271 /* Allocation error, fail. */
272 return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
273
274 /* Ensure we zero any fields added to BIO_MSG at a later date. */
275 memset(&msg[i], 0, sizeof(BIO_MSG));
276 msg[i].data = ossl_quic_urxe_data(urxe);
277 msg[i].data_len = urxe->alloc_len;
278 msg[i].peer = &urxe->peer;
279 BIO_ADDR_clear(&urxe->peer);
280 if (demux->use_local_addr)
281 msg[i].local = &urxe->local;
282 else
283 BIO_ADDR_clear(&urxe->local);
284 }
285
286 ERR_set_mark();
287 if (!BIO_recvmmsg(demux->net_bio, msg, sizeof(BIO_MSG), i, 0, &rd)) {
288 if (BIO_err_is_non_fatal(ERR_peek_last_error())) {
289 /* Transient error, clear the error and stop. */
290 ERR_pop_to_mark();
291 return QUIC_DEMUX_PUMP_RES_TRANSIENT_FAIL;
292 } else {
293 /* Non-transient error, do not clear the error. */
294 ERR_clear_last_mark();
295 return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
296 }
297 }
298
299 ERR_clear_last_mark();
300 now = demux->now != NULL ? demux->now(demux->now_arg) : ossl_time_zero();
301
302 urxe = ossl_list_urxe_head(&demux->urx_free);
303 for (i = 0; i < rd; ++i, urxe = unext) {
304 unext = ossl_list_urxe_next(urxe);
305 /* Set URXE with actual length of received datagram. */
306 urxe->data_len = msg[i].data_len;
307 /* Time we received datagram. */
308 urxe->time = now;
309 urxe->datagram_id = demux->next_datagram_id++;
310 /* Move from free list to pending list. */
311 ossl_list_urxe_remove(&demux->urx_free, urxe);
312 ossl_list_urxe_insert_tail(&demux->urx_pending, urxe);
313 urxe->demux_state = URXE_DEMUX_STATE_PENDING;
314 }
315
316 return QUIC_DEMUX_PUMP_RES_OK;
317 }
318
319 /* Extract destination connection ID from the first packet in a datagram. */
demux_identify_conn_id(QUIC_DEMUX * demux,QUIC_URXE * e,QUIC_CONN_ID * dst_conn_id)320 static int demux_identify_conn_id(QUIC_DEMUX *demux,
321 QUIC_URXE *e,
322 QUIC_CONN_ID *dst_conn_id)
323 {
324 return ossl_quic_wire_get_pkt_hdr_dst_conn_id(ossl_quic_urxe_data(e),
325 e->data_len,
326 demux->short_conn_id_len,
327 dst_conn_id);
328 }
329
330 /*
331 * Process a single pending URXE.
332 * Returning 1 on success, 0 on failure.
333 */
demux_process_pending_urxe(QUIC_DEMUX * demux,QUIC_URXE * e)334 static int demux_process_pending_urxe(QUIC_DEMUX *demux, QUIC_URXE *e)
335 {
336 QUIC_CONN_ID dst_conn_id;
337 int dst_conn_id_ok = 0;
338
339 /* The next URXE we process should be at the head of the pending list. */
340 if (!ossl_assert(e == ossl_list_urxe_head(&demux->urx_pending)))
341 return 0;
342
343 assert(e->demux_state == URXE_DEMUX_STATE_PENDING);
344
345 /* Determine the DCID of the first packet in the datagram. */
346 dst_conn_id_ok = demux_identify_conn_id(demux, e, &dst_conn_id);
347
348 ossl_list_urxe_remove(&demux->urx_pending, e);
349 if (demux->default_cb != NULL) {
350 /*
351 * Pass to default handler for routing. The URXE now belongs to the
352 * callback.
353 */
354 e->demux_state = URXE_DEMUX_STATE_ISSUED;
355 demux->default_cb(e, demux->default_cb_arg,
356 dst_conn_id_ok ? &dst_conn_id : NULL);
357 } else {
358 /* Discard. */
359 ossl_list_urxe_insert_tail(&demux->urx_free, e);
360 e->demux_state = URXE_DEMUX_STATE_FREE;
361 }
362
363 return 1; /* keep processing pending URXEs */
364 }
365
366 /* Process pending URXEs to generate callbacks. */
demux_process_pending_urxl(QUIC_DEMUX * demux)367 static int demux_process_pending_urxl(QUIC_DEMUX *demux)
368 {
369 QUIC_URXE *e;
370 int ret;
371
372 while ((e = ossl_list_urxe_head(&demux->urx_pending)) != NULL)
373 if ((ret = demux_process_pending_urxe(demux, e)) <= 0)
374 return ret;
375
376 return 1;
377 }
378
379 /*
380 * Drain the pending URXE list, processing any pending URXEs by making their
381 * callbacks. If no URXEs are pending, a network read is attempted first.
382 */
ossl_quic_demux_pump(QUIC_DEMUX * demux)383 int ossl_quic_demux_pump(QUIC_DEMUX *demux)
384 {
385 int ret;
386
387 if (ossl_list_urxe_head(&demux->urx_pending) == NULL) {
388 ret = demux_ensure_free_urxe(demux, DEMUX_MAX_MSGS_PER_CALL);
389 if (ret != 1)
390 return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
391
392 ret = demux_recv(demux);
393 if (ret != QUIC_DEMUX_PUMP_RES_OK)
394 return ret;
395
396 /*
397 * If demux_recv returned successfully, we should always have something.
398 */
399 assert(ossl_list_urxe_head(&demux->urx_pending) != NULL);
400 }
401
402 if ((ret = demux_process_pending_urxl(demux)) <= 0)
403 return QUIC_DEMUX_PUMP_RES_PERMANENT_FAIL;
404
405 return QUIC_DEMUX_PUMP_RES_OK;
406 }
407
408 /* Artificially inject a packet into the demuxer for testing purposes. */
ossl_quic_demux_inject(QUIC_DEMUX * demux,const unsigned char * buf,size_t buf_len,const BIO_ADDR * peer,const BIO_ADDR * local)409 int ossl_quic_demux_inject(QUIC_DEMUX *demux,
410 const unsigned char *buf,
411 size_t buf_len,
412 const BIO_ADDR *peer,
413 const BIO_ADDR *local)
414 {
415 int ret;
416 QUIC_URXE *urxe;
417
418 ret = demux_ensure_free_urxe(demux, 1);
419 if (ret != 1)
420 return 0;
421
422 urxe = ossl_list_urxe_head(&demux->urx_free);
423
424 assert(urxe->demux_state == URXE_DEMUX_STATE_FREE);
425
426 urxe = demux_reserve_urxe(demux, urxe, buf_len);
427 if (urxe == NULL)
428 return 0;
429
430 memcpy(ossl_quic_urxe_data(urxe), buf, buf_len);
431 urxe->data_len = buf_len;
432
433 if (peer != NULL)
434 urxe->peer = *peer;
435 else
436 BIO_ADDR_clear(&urxe->peer);
437
438 if (local != NULL)
439 urxe->local = *local;
440 else
441 BIO_ADDR_clear(&urxe->local);
442
443 urxe->time
444 = demux->now != NULL ? demux->now(demux->now_arg) : ossl_time_zero();
445
446 /* Move from free list to pending list. */
447 ossl_list_urxe_remove(&demux->urx_free, urxe);
448 urxe->datagram_id = demux->next_datagram_id++;
449 ossl_list_urxe_insert_tail(&demux->urx_pending, urxe);
450 urxe->demux_state = URXE_DEMUX_STATE_PENDING;
451
452 return demux_process_pending_urxl(demux) > 0;
453 }
454
455 /* Called by our user to return a URXE to the free list. */
ossl_quic_demux_release_urxe(QUIC_DEMUX * demux,QUIC_URXE * e)456 void ossl_quic_demux_release_urxe(QUIC_DEMUX *demux,
457 QUIC_URXE *e)
458 {
459 assert(ossl_list_urxe_prev(e) == NULL && ossl_list_urxe_next(e) == NULL);
460 assert(e->demux_state == URXE_DEMUX_STATE_ISSUED);
461 ossl_list_urxe_insert_tail(&demux->urx_free, e);
462 e->demux_state = URXE_DEMUX_STATE_FREE;
463 }
464
ossl_quic_demux_reinject_urxe(QUIC_DEMUX * demux,QUIC_URXE * e)465 void ossl_quic_demux_reinject_urxe(QUIC_DEMUX *demux,
466 QUIC_URXE *e)
467 {
468 assert(ossl_list_urxe_prev(e) == NULL && ossl_list_urxe_next(e) == NULL);
469 assert(e->demux_state == URXE_DEMUX_STATE_ISSUED);
470 ossl_list_urxe_insert_head(&demux->urx_pending, e);
471 e->demux_state = URXE_DEMUX_STATE_PENDING;
472 }
473
ossl_quic_demux_has_pending(const QUIC_DEMUX * demux)474 int ossl_quic_demux_has_pending(const QUIC_DEMUX *demux)
475 {
476 return ossl_list_urxe_head(&demux->urx_pending) != NULL;
477 }
478